atlas-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From shweth...@apache.org
Subject incubator-atlas git commit: ATLAS-350 Document jaas config details for atlas (tbeerbower via shwethags)
Date Wed, 02 Dec 2015 05:33:00 GMT
Repository: incubator-atlas
Updated Branches:
  refs/heads/master 238ca11cd -> 91ad0218f


ATLAS-350 Document jaas config details for atlas (tbeerbower via shwethags)


Project: http://git-wip-us.apache.org/repos/asf/incubator-atlas/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-atlas/commit/91ad0218
Tree: http://git-wip-us.apache.org/repos/asf/incubator-atlas/tree/91ad0218
Diff: http://git-wip-us.apache.org/repos/asf/incubator-atlas/diff/91ad0218

Branch: refs/heads/master
Commit: 91ad0218f4ad1babe26d2024861002a4f352c27e
Parents: 238ca11
Author: Shwetha GS <sshivalingamurthy@hortonworks.com>
Authored: Wed Dec 2 11:02:54 2015 +0530
Committer: Shwetha GS <sshivalingamurthy@hortonworks.com>
Committed: Wed Dec 2 11:02:54 2015 +0530

----------------------------------------------------------------------
 docs/src/site/twiki/security.twiki | 21 +++++++++++++++++++++
 release-log.txt                    |  1 +
 2 files changed, 22 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/91ad0218/docs/src/site/twiki/security.twiki
----------------------------------------------------------------------
diff --git a/docs/src/site/twiki/security.twiki b/docs/src/site/twiki/security.twiki
index 84b19ad..e360004 100755
--- a/docs/src/site/twiki/security.twiki
+++ b/docs/src/site/twiki/security.twiki
@@ -44,6 +44,27 @@ The properties for configuring service authentication are:
 
 Note that when Atlas is configured with HBase as the storage backend in a secure cluster,
the graph db (titan) needs sufficient user permissions to be able to create and access an
HBase table.  To grant the appropriate permissions see [[Configuration][Graph persistence
engine - Hbase]].
 
+---+++ JAAS configuration
+
+When Atlas is configured with HBase as the storage backend in a secure cluster, a JAAS configuration
file should be created and specified so that the HBase client can attempt to SASL-authenticate.
+
+   * Create Atlas JAAS configuration file (e.g. /etc/atlas/conf/atlas-jaas.conf).
+
+<verbatim>
+	Client {
+	   com.sun.security.auth.module.Krb5LoginModule required
+	   useKeyTab=true
+	   useTicketCache=false
+	   storeKey=true
+	   doNotPrompt=false
+	   keyTab="<atlas keytab>"
+	   principal="<atlas principal>";
+	};
+</verbatim>
+
+   * Update Atlas METADATA_OPTS to include ‘java.security.auth.login.config’ set to the
above Atlas JAAS configuration file.
+      * For example, <code>-Djava.security.auth.login.config=/etc/atlas/conf/atlas-jaas.conf</code>
+
 ---+++ SPNEGO-based HTTP Authentication
 
 HTTP access to the Atlas platform can be secured by enabling the platform's SPNEGO support.
 There are currently two supported authentication mechanisms:

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/91ad0218/release-log.txt
----------------------------------------------------------------------
diff --git a/release-log.txt b/release-log.txt
index 6413c21..6d4873b 100644
--- a/release-log.txt
+++ b/release-log.txt
@@ -9,6 +9,7 @@ ATLAS-54 Rename configs in hive hook (shwethags)
 ATLAS-3 Mixed Index creation fails with Date types (sumasai via shwethags)
 
 ALL CHANGES:
+ATLAS-350 Document jaas config details for atlas (tbeerbower via shwethags)
 ATLAS-344 Document HBase permissions for secure cluster (tbeerbower via shwethags)
 ATLAS-335 Kerberized cluster: Atlas fails to come up with hbase as backend (sumasai via shwethags)
 ATLAS-333 atlas_stop.py – script must delete “atlas.pid” file (ndjouhr via sumasai)


Mime
View raw message